On March 20, 2013, several high-profile Microsoft employees had their Xbox Live accounts hacked. Brian Krebs, a security researcher, was hacked by the same method. He was a target because he blogs about underground websites where people can buy hacking-related goods and services. The hackers launched a DDoS attack against his blog and made calls to emergency hotlines in his area so that a SWAT team showed up at his house. The hackers who went after Microsoft used a chained social engineering technique to obtain the Social Security Numbers of high-ranking Microsoft employees. They first obtained records on these individuals from data broker databases, which gave them details such as credit card numbers, and used those to obtain the SSNs. With that information, they were able to take over the employees' Xbox Live accounts.
Analysis:
Microsoft apparently did not have adequate controls for keeping employee information secure. Before the attacks, Microsoft had put a security infrastructure in place to handle information more safely, and yet the hackers still managed to get through. Now that these attacks have occurred, Microsoft is again trying to work with law enforcement to help prevent hacking attacks. They are also trying to reassure customers by saying that the hackers were not after customers but after high-profile employees, so customers should have nothing to worry about. This may be so, but it is not a good enough reason for customers to feel completely safe that their accounts will not be hacked. There needs to be more protection for Xbox Live accounts. DDoS attacks are difficult to stop because firewalls alone cannot prevent them. However, controls such as rate limiting, where certain types of traffic to a service or its databases are capped per source, or getting help from ISPs to filter traffic upstream, could work. The bottom line is that Microsoft needs to work hard with other organizations to prevent attacks in the future, so that its employees and customers can feel safe using their accounts.
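The rate limiting control mentioned above, shown as a worked example. This is code added here for illustration, not code from the original post or from Microsoft; it assumes a per-client token bucket keyed by source IP (the key choice is an assumption), and the request log it runs over is constructed sample data using documentation IP addresses.

```python
"""Per-client token-bucket rate limiter (added example, not from the original post).

Each client, keyed by its IP address (an assumption; a real deployment might key
by account or API token instead), gets a bucket that holds at most `capacity`
tokens and refills at `rate` tokens per second. A request is admitted only if a
token is available; otherwise it is rejected, which a web front end would report
as HTTP 429. A burst larger than `capacity` is therefore throttled while a
client sending at or below `rate` is never affected.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class TokenBucket:
    capacity: float                      # maximum burst a client may send at once
    rate: float                          # refill rate in tokens per second
    tokens: float = field(init=False)    # tokens currently available
    last: Optional[float] = field(init=False, default=None)  # time of last refill

    def __post_init__(self):
        self.tokens = self.capacity      # a new client starts with a full bucket

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        if self.last is None:
            self.last = now              # first request: nothing to refill yet
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimiter:
    """One bucket per client; buckets are created lazily on first sight."""

    def __init__(self, capacity: float, rate: float):
        self.buckets = defaultdict(lambda: TokenBucket(capacity, rate))

    def check(self, client: str, now: float) -> bool:
        return self.buckets[client].allow(now)


# Constructed sample traffic: (timestamp in seconds, client IP, path).
# 203.0.113.7 sends a burst of 20 requests within one second; 198.51.100.3
# sends one request every two seconds. Both IPs are documentation addresses.
SAMPLE_REQUESTS = (
    [(0.05 * i, "203.0.113.7", "/login") for i in range(20)]
    + [(2.0 * i, "198.51.100.3", "/login") for i in range(5)]
)


def apply_limit(requests, capacity=5, rate=1.0):
    """Replay requests in time order through the limiter.

    Returns {client: (allowed, rejected)} so the effect on each source is visible.
    """
    limiter = RateLimiter(capacity, rate)
    counts = defaultdict(lambda: [0, 0])
    for ts, client, _path in sorted(requests):
        if limiter.check(client, ts):
            counts[client][0] += 1
        else:
            counts[client][1] += 1
    return {client: tuple(v) for client, v in counts.items()}


if __name__ == "__main__":
    for client, (ok, dropped) in apply_limit(SAMPLE_REQUESTS).items():
        print(f"{client}: allowed={ok} rejected={dropped}")
```

With a capacity of 5 and a refill rate of 1 token per second, the bursting source gets its first five requests through and the remaining fifteen rejected, while the well-behaved client is never throttled. The same structure works in front of a database connection pool or at an ISP scrubbing layer; what changes is only the key (IP, account, network prefix) and the numbers.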